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Pending Claims; 

This listing of claims will replace all prior listings of claims in the application: 

Listing of Claims: 

1. (Cancelled) 

2. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, said 
message indicating that an address of a certificate provisioning gateway for certificate 
issuance and delivery procedure in a visited network is requested by the subscriber's user 
equipment, the certificate provisioning gateway serving at least one certificate authority, 
the message further containing the address of the certificate provisioning gateway; 

obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

determining, by the processor, on the basis of the subscriber's location 
information, an address of the certificate provisioning gateway; 

checking, by the processor, whether or not the address of the certificate 
provisioning gateway received in the message is the same as the address of the certificate 
provisioning gateway determined on the basis of the location information; and 

when they are not the same, using, by the processor, the address determined on 
the basis of the location information ; and 

transmitting to the subscriber's user equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the address of the certificate 
provisioning gateway . 

3. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
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containing indicating subscriber's location information and indicating that an address of a 
certificate provisioning gateway for certificate issuance and delivery procedure in a visited 
network is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobil e communication system; 

checking, by the processor, wh e ther or not the subscriber's location information 
received in th e message corr e sponds to the subscriber's location information obtained; and 

using, by the processor, the subscriber's location information obtained 
to determine the address of the certificate provisioning gateway when the 
subscriber's location information obtained does not correspond to subscriber's the 
location information received in the message ; and 

transmitting to the subscriber's user equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the determined address . 

4-5. (Cancelled) 

6. (Currently amended) The method of claim 24, further comprising: 

authenticating the subscriber; and 

wherein transmitting at least part of the information comprises: 

transmitting during the subscriber authentication to the user equipment the at least 
part of the information required to obtain a certificate from a certificate issuance 
service in another network than a home network in a mobile communication system after 
the subscriber authentication, the part of the information including at least one from a 
group comprising an address of a certificate provisioning gateway via which the 
certificate issuance service is provided in the other network, the certificate provisioning 
gateway serving at least one certificate authority, a public key required for the certificate 
issuance service in the other network, and an indication of the protocol required for the 
certificate issuance service in the other network. 

7. (Previously Presented) The method of claim 6, further comprising: 
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performing the authentication as an application level authentication. 

8. (Previously Presented) The method of claim 6, further comprising: 

utilizing said part of the information during a certificate issuance procedure after 
the authentication in a visited network by the user equipment. 

9. (Previously Presented) The method of claim 6, further comprising: 

transmitting in said part of the information location network specific information. 

10-12. (Cancelled) 

13. (Previously Presented) The method of claim 6, further comprising, when 

said part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 

14. (Currently amended) The method of claim 26, further comprising: 

authenticating the subscriber; and 

wherein transmitting at least part of the information comprises: 

transmitting, in response to the message, to the user equipment in a reply message 
at least part of information required to obtain a certificate from the certificate issuance service in 
the other network, the part of the information including at least one from a group comprising an 
address of a certificate provisioning gateway via which the certificate issuance service is 
provided in the other network, the certificate provisioning gateway serving at least one certificate 
authority, a public key required for the certificate issuance service in the other network, and an 
indication of the protocol required for the certificate issuance service in the other network. 

15. (Previously Presented) The method of claim 14, further comprising: 

transmitting the message and the reply message in an integrity protected channel. 

16. (Cancelled) 
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17. (Previously Presented) The method of claim 14, further comprising, when 
said part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 

18-23. (Cancelled) 

24. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
containing subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

checking, by the processor, whether or not the subscriber's location information 
received in the message corresponds to the subscriber's location information obtained; 

when the subscriber's location information obtained corresponds to the 
subscriber's location information received in the message, determining, by the processor, 
on the basis of the subscriber's location information the address of the certificate 
provisioning gateway and transmitting to the subscriber's user equipment at least part of 
information required to obtain a certificate from the certificate provisioning gateway having the 
determined address ; and 

when the subscriber's location information obtained does not correspond to the 
subscriber's location information received in the message, sending, by the processor, an 
error indication by using the subscriber's location information obtained. 

25. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
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containing indicating subscriber's location information and indicating that an address of a 
certificate provisioning gateway for certificate issuance and delivery procedure in a visited 
network is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

obtaining, by a processor, in r e sponse to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

checking, by the processor, whether or not the subscriber's location information 
received in the message corr e sponds to the subscriber's location information obtained; 

determining, by the processor, on the basis of the subscriber's location information 
the address of the certificate provisioning gateway , when the subscriber's location 
information r e ceived in the messag e corresponds to the subscriber's location information 

using, by the processor, the subscriber's location information received in the 
message when the subscriber's location information received in the message does not 
correspond to the subscriber's location information obtained; 

transmitting to the subscriber's user equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the determined address . 

26. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
containing subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

checking, by the processor, whether or not the subscriber's location information 
received in the message corresponds to the subscriber's location information obtained; 

when the subscriber's location information received in the message corresponds 
to the subscriber's location information obtained, determining, by the processor, on the 
basis of the subscriber's location information the address of the certificate provisioning 
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gateway and transmitting to the subscriber's user equipment at least part of information required 
to obtain a certificate from the certificate provisioning gateway having the determined address ; 
and 

when the subscriber's location information received in the message does not 
correspond to the location information obtained, sending, by the processor, an error 
indication by using the subscriber's location information received in the message. 

27. (Currently amended) The method of claim 25, comprising: 
authenticating the subscriber; and 

wherein transmitting the at least part of the information required to obtain the certificate 
comprises: 

transmitting after the authentication via an authenticated channel to subscriber's 
user equipment the at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information comprising information required to obtain a certificate from the 
certificate issuance service in the other network. 

28-31. (Cancelled) 

32. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 
to determine, in response to receiving from subscriber's user equipment a 
message indicating a request for an address of another certificate provisioning 
gateway for certificate issuance and delivery procedure, the message further 
containing an address of the other certificate provisioning gateway, an address of 
the other certificate provisioning gateway on the basis of subscriber's location 
information maintained in and obtained from the mobile communication system, 

to check whether or not the address of the other certificate provisioning 
gateway received in the message is the same as the address of the other certificate 
provisioning gateway determined on the basis of the subscriber's location 
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information, and 

when they are not the same, to use the address of the other certificate 
provisioning gateway determined on the basis of the location information ; and 

transmit to the subscriber's user equipment at least part of information required to obtain 
a certificate from the certificate provisioning gateway having the address of the certificate 
provisioning gateway . 

33. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 

to obtain, in response to receiving receive from subscriber's user equipment a 
message containing indicating subscriber's location information and indicating a request for 
an address of another certificate provisioning gateway for certificate issuance and 
delivery procedure in a visited network, subscriber's location information 
maintained in the syst e m, 

to check whether or not the subscrib e r's location information received in 
the messag e corresponds to the subscriber's location information obtained, and 

to use the subscriber's location information obtained from the system to 
determine the address of the other certificate provisioning gateway when th e 
subscriber's location information obtained from th e system does not corr e spond to 
the location information received in th e messag e i and 

to transmit to the subscriber's user equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the determined address . 

34. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 
to obtain, in response to receiving from subscriber's user equipment a 
message containing subscriber's location information and indicating that an 
address of another certificate provisioning gateway for certificate issuance and 
delivery procedure in a visited network is requested, subscriber's location 
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information maintained in the system, 

to check whether or not the subscriber's location information received in 
the message corresponds to the subscriber's location information obtained, 

when the subscriber's location information received in the message 
corresponds to the subscriber's location information obtained, to determine an 
address of the other certificate provisioning gateway on the basis of the 

subscriber's location information and to transmit to the subscriber's user equipment at least part 
of information required to obtain a certificate from the certificate provisioning gateway having 
the determined address , and 

when the subscriber's location information obtained from the system does 
not correspond to the subscriber's location information received in the message, to 
send an error indication by using the subscriber's location information obtained. 

35. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 

to obtain, in response to receiving from subscriber's user equipment a 
message containing subscriber's location information and indicating a request for 
an address of another certificate provisioning gateway for certificate issuance and 
delivery procedure in a visited network, subscriber's location information 
maintained in the system, 

to check whether or not the subscriber's location information in the 
message corresponds to the subscriber's location information obtained, and 

to use the subscriber's location information received in the message to 
determine the address of the other certificate provisioning gateway when the 
subscriber's location information received in the message does not correspond to 
the subscriber's location information obtained , and 



to transmit to the subscriber's user equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the determined address . 

36. (Currently amended) An apparatus comprising: 



-9- 



Appln.No. 10/705,396 
Filed: November 12, 2003 



Attorney's Docket No.: 39700-583001US/NC37029US 
Customer Number: 64046 



a processor configured 

to serve a certificate authority in a mobile communication system, 

to obtain, in response to receiving from subscriber's user equipment a message containing 
subscriber's location information and indicating a request for an address of another certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network, 
subscriber's location information maintained in the system, 

to check whether or not the subscriber's location information received in the message 
corresponds to the subscriber's location information obtained, 

to determine on the basis of the subscriber's location information the address of the other 
certificate provisioning gateway, when the subscriber's location information in the message 
corresponds to the subscriber's location information obtained, and to transmit to the subscriber's 
user equipment at least part of information required to obtain a certificate from the certificate 
provisioning gateway having the determined address, and 

when the subscriber's location information received in the message does not correspond 
to the subscriber's location information obtained, to send an error indication by using the 
subscriber's location information received in the message. 

37. (Previously Presented) The method as claimed in claim 2, wherein a 
certificate authority is a trusted third party. 

38. (Previously Presented) The method as claimed in claim 2, wherein a 
certificate authority is a trusted third party and does not include an authorization, 
authentication and accounting server. 

39. (Previously presented) The apparatus as claimed in claim 32, wherein a certificate authority 
is a trusted third party. 

40. (Previously presented) The apparatus as claimed in claim 32, wherein a certificate authority 
is a trusted third party and does not include an authorization, authentication and 

accounting server. 
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